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DETAILED ACTION 

1 . A request for continued examination under 37 CFR 1.114, including tlie fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
10/27/2008 has been entered. 

2. Claims 1-20 are cancelled. 

3. Claims 21 -40 are new and pending. 

4. Claims 39-40 are restricted by election/restriction by original presentation (see 
below) 

5. Claims 21 -38 are presented for examination. 

Response to Arguments 

6. Applicant's arguments have been fully considered but are moot in view of new 
ground(s) of rejection. 

Election/Restrictions 

7. Newly submitted claims 39-40 are directed to an invention that is independent or 
distinct from the invention originally claimed for the following reasons: claims 39-40 are 
related to a distinct embodiment wherein assignment of VPN tunnel to a special 
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processing unit is based on tunnel type; wliereas claims 21-38 are related to 

assignment based on available resources (such as bandwidth) 

8. Since applicant has received an action on the merits for the originally presented 

invention, this invention has been constructively elected by original presentation for 

prosecution on the merits. Accordingly, claims 39-40 are withdrawn from consideration 

as being directed to a non-elected invention. See 37 CFR 1 .142(b) and MPEP § 

821.03. 



Claim Rejections - 35 USC § 112 

9. The following Is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

1 0. Claims 21 -38 are rejected under 35 U.S.C. 1 1 2, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Consider claim 21 , line 9 recites "the current 
available bandwidths", which lacks antecedent basis. "Decremented the initial expected 
available bandwidth" on line 11 should be "decrementing ..." "The highest current 
available bandwidth" on line 13 is vague for having no connection to estimating the 
current available bandwidths. "The absolute bandwidth" on line 14, "the largest amount" 
on line 15 lack antecedent basis. For claim 30, the claim recites similar errors. 
Furthermore, reciting "SPU" and "capacity" is vague. 

1 1 . Correction is required to fix similar errors in all pending claims. 
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Claim Rejections - 35 USC § 103 

1 2. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claim 21 Is rejected under 35 U.S.C. 103(a) as being unpatentable over Chen et 
al. (Flexible control of a parallelism in a multiprocessor PC router, hereafter Chen) and 
further in view of applicant's admitted prior art (Background of the application, hereafter 
AAPA), and Venkatanarayan et al. (US 2005/0044221, hereafter Venkatanarayan) and 
Gourlay (US 6,820,123) 

14. For claim 21 , Chen discloses a method of allocating processing capacity of 
system processing units in an extranet gateway, the method comprising the steps of: 

establishing a first initial expected available bandwidth of a first of the system 
processing units; establishing a second initial expected available bandwidth of a second 
of the system processing units (abstract, par. 2, different CPUs have their own 
processing speeds that is related to their throughput or bandwidth, 5.2, par. 2, e.g. a 
CPU can forward 239,234 packets per second); and 
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Chen does not explicitly disclose assigning a Virtual Private Network (VPN) 
tunnel to one of the first and second system processing units for processing. 

However, AAPA discloses the same (AAPA, [0010], assigning tunnels to 
processing units) 

It would have been obvious for one skilled in the art at the time of the invention to 
combine the teachings of Chen and AAPA to apply bandwidth calculation of Chen to 
efficiently assigning VPN tunnels by making use of CPU speed and bandwidth relation. 

Chen-AAPA does not disclose by according to estimated current available 
bandwidths of the first and second system processing units; wherein the highest current 
available bandwidth is based on an absolute bandwidth capacity basis, the absolute 
bandwidth being calculated by determining which system processing unit has the 
largest amount of estimated current available bandwidth. 

However, Venkatanarayan discloses by assessing current available bandwidths 
of the first and second system processing units (fig. 1, abstract, [0015], lines 15-25, load 
balancing across active adaptors by selecting an adaptor (processing units) with the 
most available bandwidth), 

wherein the highest current available bandwidth is based on an absolute 
bandwidth capacity basis, the absolute bandwidth being calculated by determining 
which system processing unit has the largest amount of estimated current available 
bandwidth (fig. 1, abstract, [0015], lines 15-25, load balancing based on selecting a 
processing unit with the most available bandwidth). 



Application/Control Number: 10/736,062 Page 6 

Art Unit: 2452 

It would have been obvious for one skilled in the art at the time of the invention to 
combine the teachings of Chen and AAPA and Venkatanarayan to load balance VPN 
tunnels to the processor that has the most available bandwidth to maximize throughput 
and avoid congestion. 

Chen-AAPA-Venkatanarayan does not explicitly disclose the current available 
bandwidths being estimated by assessing the initial expected available bandwidths for 
each system processing unit and decrementing the initial expected available bandwidth 
of each system processing unit by other processing requirements assigned to that 
respective system processing unit. 

However, Gourlay discloses the same (fig. 1 , steps 100-104, col. 3 lines 5-1 1 , 
available throughput is total throughput subtracted by current utilized throughput) 

Therefore, it would have been obvious for one skilled in the art at the time of the 
Invention to combine the teachings of Chen, AAPA, Venkatanarayan and Gourlay to 
load balance VPN tunnels to processors that has the most available resources to fully 
utilize the processing capability of the processors and therefore raise throughput level of 
VPN gateway. 

15. Claims 22-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Chen, AAPA, Venkatanarayan, Gourlay, and Diamant (US 7,082,530) 
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16. For claim 22, Chen-AAPA-Venkatanarayan-Gourlay does not disclose the first 
initial expected available bandwidth is established by determining whether the first SPU 
is an accelerator or a CPU. 

However, Diamant discloses determining whether a processor is an accelerator 
or a CPU (fig. 4, steps 300-306, col. 6 line 56, determining whether an adaptor supports 
special processing such as IPSec) 

It would have been obvious for one skilled in the art at the time of the invention to 
combine the teachings of Chen-AAPA-Venkatanarayan-Gourlay and Diamant to 
distribute or balance tasks such as assigning VPN tunnels to processors that are 
capable of special processing when required to increase processing speed. 

1 7. For claim 23, Chen-AAPA-Venkatanarayan-Gourlay-Diamant further discloses if 
the first system processing unit is an accelerator, the step of establishing the first initial 
expected available bandwidth comprises determining a type of accelerator (Diamant, 
fig. 4, step 300, 314, supporting IPSec?) and obtaining expected available bandwidth 
information for that type of accelerator from an initial expected bandwidth table (Chen, 
abstract, par. 2, 5.2, par. 2, initial expected bandwidth). 

18. For claim 24, Chen-AAPA-Venkatanarayan-Gourlay-Diamant further discloses if 
the first system processing unit is a CPU, the step of establishing the first initial 
expected available bandwidth comprises determining a type of CPU and CPU speed 
(5.1 par. 2, CPU speed and type), obtaining a first conversion factor for the type of CPU, 
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and multiplying the conversion factor with the CPU speed (Chen, table 1 on p. 7, 5.2 
par. 2, each CPU can forward 239,234 packets/s, 2 CPU router can forward 478,468 
packets/s). 

1 9. For claim 25, Chen-AAPA-Venkatanarayan-Gourlay-Diamant further discloses 
the first conversion factor is based on an amount of bandwidth passable by that 
processor type per unit CPU speed (Chen, table 1 on p. 7, 5.2 par. 2, each CPU can 
forward 239,234 packets/s). 

20. Claims 26, 27, 29, 30, 35, 36, 38 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Chen, AAPA, Venkatanarayan, Gourlay and what was known in the 
art (Official Notice or ON). 

21 . For claim 30, Chen discloses a method of allocating processing capacity of 
system processing units in an extranet gateway, the method comprising the steps of: 

establishing a first initial expected available bandwidth of a first of the system 
processing units; establishing a second initial expected available bandwidth of a second 
of the system processing units (abstract, par. 2, different CPUs have their own 
processing speeds that is related to their throughput or bandwidth, 5.2, par. 2, e.g. a 
CPU can forward 239,234 packets per second); and 

Chen does not explicitly disclose assigning a Virtual Private Network (VPN) 
tunnel to one of the first and second system processing units for processing. 
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It would have been obvious for one skilled in the art at the time of the invention to 
combine the teachings of Chen and AAPA to apply bandwidth calculation of Chen to 
efficiently assigning VPN tunnels by making use of CPU speed and bandwidth relation. 

However, AAPA discloses the same (AAPA, [0010], assigning tunnels to 
processing units) 

Chen-AAPA does not disclose by according to estimated current available 
bandwidths of the first and second system processing units; wherein the highest current 
available bandwidth is based on an absolute bandwidth capacity basis, the absolute 
bandwidth being calculated by determining which system processing unit has the 
largest amount of estimated current available bandwidth. 

However, Venkatanarayan discloses by assessing current available bandwidths 
of the first and second system processing units (fig. 1, abstract, [0015], lines 15-25, load 
balancing across active adaptors by selecting an adaptor (processing units) with the 
most available bandwidth), 

wherein the highest current available bandwidth is based on an absolute 
bandwidth capacity basis, the absolute bandwidth being calculated by determining 
which system processing unit has the largest amount of estimated current available 
bandwidth (fig. 1, abstract, [0015], lines 15-25, load balancing based on selecting a 
processing unit with the most available bandwidth). 

It would have been obvious for one skilled in the art at the time of the invention to 
combine the teachings of Chen and AAPA and Venkatanarayan to load balance VPN 
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tunnels to the processor that has the most available bandwidth to maximize throughput 
and avoid congestion. 

Chen-AAPA-Venkatanarayan does not explicitly disclose the current available 
bandwidths being estimated by assessing the initial expected available bandwidths for 
each system processing unit and decrementing the initial expected available bandwidth 
of each system processing unit by other processing requirements assigned to that 
respective system processing unit. 

However, Gourlay discloses the same (fig. 1 , step 100-104, col. 3 lines 5-1 1 , 
available throughput Is total throughput subtracted by current utilized throughput) 

Chen-AAPA-Venkatanarayan-Gourlay does not disclose the highest current 
available bandwidth is based on a relative bandwidth capacity basis by determining 
which SPU has the highest percentage of available capacity. 

However, Official notice Is taken that load balancing techniques based on either 
highest available capacity or percentage of available capacity are well known In the art 
at the time of the invention (see e.g. Anbiah et al., US 6,690,671, col. 4 last par.). 

Therefore, it would have been obvious for one skilled in the art at the time of the 
Invention to combine the teachings of Chen, AAPA, Venkatanarayan, Gourlay and ON 
to load balance VPN tunnels to processors that has the most percentage of available 
resources to fully utilize the processing capability of the processors and therefore raise 
throughput level of VPN gateway. 
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22. For claim 26, Clien-AAPA-Venkatanarayan-Gourlay furtlier discloses the other 
processing requirements of a system processing unit comprise processing requirements 
associated with other VPN tunnels already assigned to that system processing unit 
(AAPA, fig. 1, abstract, [0015], lines 15-25, load balancing across active adaptors by 
selecting an adaptor (processing units) with the most available bandwidth, AAPA, 
[0010], excluded assigned bandwidth to current tunnels). 

Chen-AAPA-Venkatanarayan-Gourlay does not disclose overhead processing 
requirements assigned to that SPU. 

Official Notice is taken that estimating available bandwidth taken overhead into 
account is well-known in the art the time of the invention. 

It would have been obvious for one skilled in the art at the time of the invention to 
apply what was known in the art to load balancing VPN traffic to processors described 
by Chen-AAPA-Venkatanarayan-Gourlay to compensate for protocol overhead while 
calculating available bandwidth at each processor, therefore produce more realistic 
available bandwidth values. 

23. For claim 27, Chen-AAPA-Venkatanarayan-Gourlay-ON further discloses the 
processing requirements associated with other VPN tunnels assigned to that system 
processing unit comprise encryption and de-encryption processing requirements for the 
other VPN tunnels (Chen, p. 9, left col., par. 2, 6.1-6.3, each VPN tunnel has associated 
encryption and decryption processing requirement). 
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24. For claim 29, Chen-AAPA-Venkatanarayan-Gourlay-ON furtlier discloses the 
actual load on the other VPN tunnels assigned to the system processing unit is not 
monitored or used in connection with estimating the current available bandwidth of the 
SPU (AAPA, col. 2 lines 1-2, load balancing not taken load into account). 

25. Claims 35, 36, 38 are rejected for the same rationale given in claims 26, 27, 29 
respectively. 

26. Claims 28, 31-34 and 37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Chen, AAPA, Venkatanarayan, Gourlay, ON and Diamant (US 
7,082,530) 

27. For claim 28, Chen-AAPA-Venkatanarayan-Gourlay-ON does not disclose the 
other processing requirements of a system processing unit further comprise processing 
requirements associated with other VPN tunnels assigned to other system processing 
units. 

However, Diamant discloses an adaptive load balancing technique that enables a 
fault tolerant mode wherein tasks on a current processor are distributed to other 
processors (col. 6 lines 44-53, dedicated interfaces or processors). 

It would have been obvious for one skilled in the art at the time of the invention to 
assign dedicated processors processing power of task related to other processors so 
that tasks can be reassigned when failure of a processor happens. 



Application/Control Number: 10/736,062 
Art Unit: 2452 



Page 13 



28. Claim 37 Is rejected for tine same rationale given in claim 28. 

29. For claim 31 , Chen-AAPA-Venkatanarayan-Gourlay-ON does not disclose the 
first initial expected available bandwidth is established by determining whether the first 
SPU Is an accelerator or a CPU. 

However, Diamant discloses determining whether a processor is an accelerator 
or a CPU (fig. 4, steps 300-306, col. 6 line 56, determining whether an adaptor supports 
special processing such as IPSec) 

It would have been obvious for one skilled in the art at the time of the invention to 
combine the teachings of Chen-AAPA-Venkatanarayan-Gourlay-ON and Diamant to 
distribute or balance tasks such as assigning VPN tunnels to processors that are 
capable of special processing when required to increase processing speed. 

30. For claim 32, Chen-AAPA-Venkatanarayan-Gourlay-ON-Diamant further 
discloses if the first system processing unit is an accelerator, the step of establishing the 

first Initial expected available bandwidth comprises determining a type of accelerator 
(Diamant, fig. 4, step 300, 314, supporting IPSec?) and obtaining expected available 
bandwidth Information for that type of accelerator from an initial expected bandwidth 
table (Chen, abstract, par. 2, 5.2, par. 2, initial expected bandwidth). 
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31 . For claim 33, Clien-AAPA-Venkatanarayan-Gourlay-ON-Diamant furtlier 
discloses if the first system processing unit is a CPU, the step of establishing the first 
initial expected available bandwidth comprises determining a type of CPU and CPU 
speed (Chen, 5.1 par. 2, CPU speed and type), obtaining a first conversion factor for the 
type of CPU, and multiplying the conversion factor with the CPU speed (Chen, table 1 
on p. 7, 5.2 par. 2, each CPU can forward 239,234 packets/s, 2 CPU router can forward 
478,468 packets/s). 

32. For claim 34, Chen-AAPA-Venkatanarayan-Gourlay-ON-Diamant further 
discloses the first conversion factor is based on an amount of bandwidth passable by 
that processor type per unit CPU speed (Chen, table 1 on p. 7, 5.2 par. 2, each CPU 
can forward 239,234 packets/s). 

Conclusion 

33. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure is included in form PTO 392. 

34. Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to Hieu T. Hoang whose telephone number is 571-270- 
1253. The examiner can normally be reached on Monday-Thursday, 8 a.m.-5 p.m., 
EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on 571-272-3964. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

HH 



/Kenny S Lin/ 

Primary Examiner, Art Unit 2452 



